feat(shield): set host shield to secure_light by default (#2035)
aroberts87 authored Nov 14, 2024
1 parent 47f2e2e commit cbfdb4b
Showing 3 changed files with 111 additions and 2 deletions.
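--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 email: [email protected]
 type: application
-version: 0.1.19
+version: 0.1.20
 appVersion: "1.0.0"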
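--- a/charts/shield/templates/host/_configmap_helpers.tpl
+++ b/charts/shield/templates/host/_configmap_helpers.tpl
@@ -34,6 +34,38 @@
 {{- dict "features" $config | toYaml }}
 {{- end }}
+{{- define "host.features.netsec_enabled" }}
+{{- if or .Values.features.investigations.network_security.enabled
+(dig "network_topology" "enabled" false .Values.host.additional_settings) }}
+true
+{{- end }}
+{{- end }}
+{{- define "host.features.monitor_enabled" }}
+{{- if or .Values.features.monitoring.app_checks.enabled
+.Values.features.monitoring.java_management_extensions.enabled
+.Values.features.monitoring.prometheus.enabled
+.Values.features.monitoring.statsd.enabled
+(dig "app_checks_enabled" false .Values.host.additional_settings)
+(dig "jmx" "enabled" false .Values.host.additional_settings)
+(dig "prometheus" "enabled" false .Values.host.additional_settings)
+(dig "statsd" "enabled" false .Values.host.additional_settings) }}
+true
+{{- end }}
+{{- end }}
+{{/* Calculate the agent mode based on enabled features */}}
+{{- define "host.configmap.agent_mode" }}
+{{- $mode := "secure_light" }}
+{{- if (include "host.features.netsec_enabled" .) }}
+{{- $mode = "secure" }}
+{{- end }}
+{{- if (include "host.features.monitor_enabled" .) }}
+{{- $mode = "monitor" }}
+{{- end }}
+{{- dict "feature" (dict "mode" $mode) | toYaml -}}
+{{- end }}
 {{- define "host.parse_features" }}
 {{/* TODO: Kubernetes metadata */}}
 {{- with .Values.features }}
@@ -103,8 +135,9 @@
 {{- $config = merge $config (dict "local_forwarder" (dict "enabled" .enabled "transmit_message_types" .transmit_message_types)) }}
 {{- end }}
 {{- end }}
+{{- $config = merge $config (include "host.configmap.agent_mode" . | fromYaml) }}
 {{- if .Values.host.additional_settings }}
-{{- $config = merge $config (include "host.config_override" . | fromYaml) }}
+{{- $config = mergeOverwrite $config (include "host.config_override" . | fromYaml) }}
 {{- end }}
 {{- $config | toYaml }}
 {{- end }}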
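Review bot: Switching the `host.config_override` merge from `merge` to `mergeOverwrite` in the second hunk changes precedence for every key under `host.additional_settings`, not only `feature.mode`, so values the chart computed from `.Values.features` may now be replaced by whatever is set there, including security-relevant ones. If that is intended, it deserves a comment above that line, for example `{{/* additional_settings deliberately override chart-computed config, including feature.mode */}}`; if only the mode should be overridable, keep `merge` and apply the override to the `feature` key alone. Note also that `host.features.netsec_enabled` and `host.features.monitor_enabled` recognise only the keys listed in them, so a feature switched on through any other `additional_settings` key leaves the agent in `secure_light` unless `feature.mode` is set by hand. The define enclosing the second hunk starts outside the visible lines and `host.config_override` is not shown, so its output is assumed to mirror `additional_settings`.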
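--- a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml
+++ b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml
@@ -951,3 +951,79 @@ tests:
 pattern: |
 http_proxy:
 ca_certificate: certificates/custom-ca-from-secret.crt
+- it: Test secure_light by default
+asserts:
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |
+feature:
+mode: secure_light
+- it: Test manual override of feature mode
+set:
+features:
+monitoring:
+app_checks:
+enabled: true
+host:
+additional_settings:
+feature:
+mode: troubleshooting
+asserts:
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |
+feature:
+mode: troubleshooting
+- it: Test enabling NetSec flips agent to secure mode
+set:
+features:
+investigations:
+network_security:
+enabled: true
+asserts:
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |
+feature:
+mode: secure
+- it: Test enabling NetSec in additional_settings flips agent to secure mode
+set:
+host:
+additional_settings:
+network_topology:
+enabled: true
+asserts:
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |
+feature:
+mode: secure
+- it: Test enabling a monitor feature forces agent mode to monitor
+set:
+features:
+monitoring:
+app_checks:
+enabled: true
+asserts:
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |
+feature:
+mode: monitor
+- it: Test enabling a monitor feature in additional_settings forces agent mode to monitor
+set:
+host:
+additional_settings:
+app_checks_enabled: true
+asserts:
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |
+feature:
+mode: monitor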
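Review bot: No case pins what happens when NetSec and a monitor feature are enabled together; `host.configmap.agent_mode` resolves that purely by statement order (the monitor check runs last), so reordering those checks would change the agent mode without failing any test here. A case that sets both and expects `mode: monitor` would lock the precedence in; a sketch follows, with indentation assumed because the rendered page lost it. The `mode: secure` patterns also appear to be told apart from `secure_light` only by the newline the `|` scalar keeps at the end of the pattern, so they should not be switched to `|-`.

```yaml
  - it: Test monitor mode wins when NetSec and a monitor feature are both enabled
    set:
      features:
        investigations:
          network_security:
            enabled: true
        monitoring:
          app_checks:
            enabled: true
    asserts:
      - matchRegex:
          path: data['dragent.yaml']
          pattern: |
            feature:
              mode: monitor
```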
